This section is intended to introduce the reader to various aspects of the art that may be related to various aspects of the present invention. The following discussion is intended to provide information to facilitate a better understanding of the present invention. Accordingly, it should be understood that statements in the following discussion are to be read in this light, and not as admissions of prior art.
Many network access technologies (GSM, WCDMA, WLAN, WiMAX) provide some basic security for the “first hop”. However, not all of them can be considered sufficiently secure and some accesses do not provide any built-in security, e.g. IEEE 802.3. In particular, in fixed line access there is usually no logical protection of user traffic and thus protection relies solely on the difficulty to access the physical media carrying the traffic. Therefore in “Fixed-Mobile Convergence” (FMC) scenarios there is a need to be able to provide at least IMS controlled end-to-access edge (e2) security, i.e. security for the media transport across the access network. This is needed to be able to provide uniform protection of traffic in different types of networks. MMTEL is one such application which needs to be secured to earn users' trust. SRTP (RFC3711) and MIKEY (RFC3830) are examples of protocols for media security and key management that have been proposed to this end. Other applications or enablers like IM, PoC and Presence, such as the ones specified by the Open Mobile Alliance (OMA), would also benefit by an e2æ security solution.
Another type of media protection that might be needed for certain applications is end-to-end (e2e) protection, i.e. from terminal to terminal (or terminal to application server for server based applications). However, true e2e protection would make it impossible to provide network support for e.g. transcoding. In the description below the terminal to access edge solution is the focus. E2e protection of media, true or with plaintext available for network supported functions like PoC. are described in the international publication WO 2009/070075 A 1.
In IMS according to 3GPP standard, the session control/set-up signaling is protected between the P-CSCF and the terminal, either with IPSec or with TLS. Thus, the real need for protection from the terminal to the access edge is only for the media traffic.
One possible solution for terminal to access edge protection of media, built upon an existing protocol, would be to use an IPSec tunnel between the terminal and a security gateway (SGW) at the edge of the trusted IMS core domain (or at some other secure location). Such a tunnel could protect all media traffic from the UE to the edge of the secure network. However, use of IPsec tunnels gives heavy message expansion and makes traffic policing difficult.
It would, of course, also be possible to use existing protocols like SRTP for media protection and MIKEY (or SDES) for key management to protect the media path between the UE and e.g. the SGSN or C-BGF. However, applying it as is has the following problems in that a terminal to access edge solution may:                Interfere with possible end-to-end solutions, in case the user may use such for certain scenarios.        Cause problems with security policies between the home network and visited network in a roaming situation.        Have problems with key management and authentication of users/networks.        Lack means for the UE to indicate to the network prior to session establishment if it supports media security at all and if that is the case, which type of media protection it supports.        
The invention in US patent US 2006/0288423 to Franck et al provides media protection of media flows between a network element such as an end point, for instance a mobile user terminal, and another network element over an access network. Franck et al does not disclose pre-registration of media security capabilities of a user terminal that may result in excessive control plane signaling.